RGPD : Which consequences for my start-up ?
Introduction to GDPR. Dear fellow entrepreneurs, on May 25, 2018, you have to do 2 important things. You have to register, with a few delay at START-UP GOLF CHALLENGE to be held on JUNE 1, 2018
You will bring your company into compliance with the General Data Protection Regulations (GDPR) and it will be both for you to appoint on your team a Data Protection Officer more commonly known as the DPO
The consulting and event agency dedicated to Start-Ups GOWEEZ, will quickly highlight the important points to keep in mind for this compliancy. Don’t worry, you have 2 full years to comply (until May 2018). But the task should not be underestimated.
1/ First of all, who is concerned with the RGPD?
In fact, 9 out of 10 companies. In other words, everyone.
The data is everywhere, it is managed in many ways. So the impact of the GDPR will be at certain levels.
But the fact remains that we are all concerned, the user, the customer, the visitor, the consumer, the leader. Only 9% of French companies are “RGPD compatible”.
Collaborate with the data collected, you are responsible for the security, transparency, responsibility and notification of personal data and therefore you must ensure a legal framework, contract, clause of respect for privacy, disclaimer on website, etc.
2/ Registry of processing activities
Companies employing more than 250 people will have to keep a record of processing. As a result it will includes all the activities made regarding any update, the categories of data and therefore the persons concerned, or the shelf life.
This document should also describe the technical and organizational security measures put in place. A DPO will be appointed and will become responsible for the registry
3/ Hello, i’m the Data Protection Officer !
So, the DPO is an employee of the company who can not come from certain functions of the company, for example CEO, COO, DSI, HR or Marketing Director. This person is necessarily located in Europe and must be reachable in his language. Important ! he is independent of his hierarchy.
4/ Right to be forgotten or the “Privacy by Design”
An accurate mapping of data will be needed, where to find them? what is it for? do we really need it? Therefore a certain number of devices will be put in place during the surfer’s surfing.
The design or architecture of the site must allow any user to know why he is asked for his data, and how he can delete them at any time
5/ GDPR, for which sanctions ?
An administrative fine of up to 4% of the company’s global turnover.
Authorities may also: Issue a warning, put the company on notice, temporarily or permanently limit processing, suspend data flows, order to meet requests for exercise of the rights of individuals or order rectification, limitation or erasing the data.
You will understand, the subject requires “a little methodology” to say a lot. it’s a team work that requires a structured organization.
To learn more about the subject and not miss anything on this new European regulation, you can visit the site of the CNIL which presents the different steps to move to the RGPD.
This shift of responsibility will add additional pressure on the leader’s shoulders.
Therefore, it will be necessary to demonstrate that compliancy work have been initiated.
Check out more info on START-UP GOLF CHALLENGE